Privacy Policy

Zolby Solutions operates the following products and services (collectively "Zolby" or "the Platform"):

• Zolby Website — www.zolbysolutions.com
• Zolby Project — project.zolbysolutions.com (web, Windows, Mac, iOS, Android)
• Zolby Admin — admin.zolbysolutions.com (internal use only)
• Future apps under the Zolby umbrella (analytics.zolbysolutions.com, field.zolbysolutions.com, docs.zolbysolutions.com)

For privacy inquiries, contact us at: support@zolbysolutions.com

2.1 Account Data (when you register)

• Full name
• Email address
• Password (stored as a cryptographic hash — we never store your actual password)
• Account type (Individual or Company)
• Company name (if applicable)
• Country and currency preference
• Date and time you accepted these terms
• Authentication provider (email/password or Google)

2.2 Project & Work Data (Zolby Project users)

When you use Zolby Project, we store the content you create:

• Project names, descriptions, clients, budgets, and dates
• Tasks, milestones, workflows, and subtasks
• Invoices, expenses, and financial trackers
• Delivery and progress records
• Collaborator email addresses for invited users

This data belongs to you. We store it to provide the service and sync it across your devices.

2.3 Communications Data

• Messages you send through our Contact form (name, email, topic, message)
• Collaboration invite emails sent on your behalf

2.4 Technical Data (collected automatically)

• IP address
• Browser type and version
• Device type (desktop, mobile, tablet)
• Operating system
• Pages visited and features used (anonymised analytics)
• App events (e.g., project created, export performed) — stored locally on your device unless you consent to sharing

2.5 Data We Do NOT Collect

• Payment card numbers (we do not yet process payments directly)
• Government ID or passport data
• Biometric data
• Precise real-time location

We do not use your data for advertising or sell it to third parties.

We use the following trusted third-party infrastructure providers:

All providers are contractually bound to protect your data and comply with applicable data protection laws. Firebase and Vercel are SOC 2 Type II certified. Neon encrypts data at rest and in transit.

• Account data: Retained for as long as your account is active, plus 90 days after deletion request.
• Project data: Retained until you delete it or request account deletion.
• Contact form submissions: Retained for 2 years for support purposes.
• Server logs: Automatically deleted after 30 days.
• Backups: Encrypted backups are retained for up to 30 days.

Depending on your location, you have the following rights over your personal data:

• Right of Access: Request a copy of all data we hold about you.
• Right to Rectification: Ask us to correct inaccurate data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your account and all associated data.
• Right to Portability: Request your data in a machine-readable format (JSON/CSV).
• Right to Object: Object to processing based on legitimate interest.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw at any time.

To exercise any of these rights, email support@zolbysolutions.com. We will respond within 30 days. You can also delete your account directly from your account settings.

We use the following cookies:

• Session cookie (zolby_session, zolby_admin_session): Keeps you signed in. HTTP-only, secure, expires after 7–8 hours. Required for the service to function.
• No advertising or tracking cookies. We do not use Google Analytics, Facebook Pixel, or any advertising tracking technologies.

Because we only use strictly necessary session cookies, we do not require a cookie consent banner under most regulations. If this changes, we will update this policy and add a consent mechanism.

Zolby is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at support@zolbysolutions.com and we will delete it immediately.

Our servers are primarily located in the United States (Firebase, Vercel, Neon). If you access our services from the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, your data may be transferred to and processed in countries that may not have equivalent data protection laws.

For EEA/UK users, we rely on Standard Contractual Clauses (SCCs) and our providers' compliance frameworks (Firebase: Google Cloud DPA; Vercel: Vercel DPA; Neon: Neon DPA) as the legal mechanism for such transfers.

We protect your data using industry-standard measures:

• All data in transit is encrypted using TLS 1.2+.
• Passwords are hashed using bcrypt (never stored in plain text).
• Session tokens are signed JWTs stored in HTTP-only, secure cookies.
• Admin access is restricted to authorised personnel only, with its own authentication system.
• Firebase Authentication handles credential security for social sign-in.

No system is 100% secure. In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by law.

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the effective date at the top of this page.
• Send an email notification to registered users.
• Where required by law, ask for your renewed consent.

Continued use of Zolby after changes take effect constitutes acceptance of the updated policy.

For any privacy-related questions, requests, or concerns: